Vulnerability Disclosure Program


Maintaining the security of our networks is a high priority at LVRG. Our information technologies provide critical business operations. Ultimately, our network security ensures that we can accomplish our mission and further enable our customers business goals. The security researcher community regularly makes valuable contributions to the security of organizations and the broader Internet, and LVRG recognizes that fostering a close relationship with the community will help improve our own security. So if you have information about a vulnerability in a LVRG website or web application, we want to hear from you!



LVRG pledges not to initiate legal action against researchers as long as they adhere to this policy.


How to Submit a Vulnerability: To submit a vulnerability report to LVRG’s Product Security Team, please send an email to

What we would like to see from you:

What you can expect from us:


Public Notification. If applicable, LVRG will coordinate a public notification of a validated vulnerability with you. When possible, we would prefer that our respective public disclosures be posted simultaneously. In order to protect our customers, LVRG requests that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability and informed customers if needed.

NTIA reminder on public disclosure. Finders do not create vulnerabilities. The fact that one finder does not disclose its existence does not guarantee that another will not find it - or has already found it. Finders may have reasons to want to disclose the vulnerability publicly. A [coordinated] disclosure situation is preferable to one without control. Vendors may want to express preferences on when finders publicly talk about vulnerabilities.